Internet Security Systems - AlertCon(TM)

Apparently Hackers Have Been Helping to Destroy the Amazon Rainforest

Posted by Gunter Ollmann on December 12, 2008 at 2:22 PM EST.

Over the last couple of years we’ve been observing the specialization and subsequent consolidation of various hacking teams around the world as they become more readily engaged with criminal enterprises - and commercialize their hacking-as-a-service offerings.

With that in mind, a news story today caught my attention on the Greenpeace UK Website (not that I’d have ever spotted it there if it hadn’t been for the Gizmodo RSS feeds…) covering how “hackers help destroy the Amazon rainforest”. At first glance at the title, I was left scratching my head and wondering if they’re also meant to be responsible for global warming and the increase in prostate cancer?

But I had to read deeper in to the story (can’t just a book by its cover and all that lark)…

Apparently, today in Brazil a public prosecutor will be releasing details of how hackers were employed by some 107 logging and charcoal companies to compromise government systems responsible for tracking timber cutting/transport permits, and falsifying the online records to increase timber transport allocations for certain areas of the forest.

How the system is supposed to work…

To monitor the amount of timber leaving the Amazon state of Pará, the Brazilian environment ministry did away with paper dockets and two years ago introduced an online system. Companies logging the rainforest for timber or charcoal production are only allowed to fell a certain amount of timber every year and this is controlled by the use of transport permits issued by the state government's computer system.

To be exported from Pará, each shipment of timber requires one of these transport permits, and the volume of timber in each shipment is deducted from the total amount allowed under the company's forest management plan. Once that amount is reduced to zero, no more transport permits are issued so there's no profit in felling more trees.

The net result of the hacking fraud appears to be that 1.7 million cubic meters of illegal timber have been smuggled out of the Amazon – worth in the region of $833m.

While I’ve largely been talking about the growth of hacking-as-a-service offerings and their effects on the Financial Services sector (and the impact on every-day Joe Citizen – with services such as “password recovery”) over recent months, it’s really important that people understand these hacking services are available to anyone, anywhere, with whatever motivation.

For example, a quick browse of popular blackhat hacking portals will reveal multiple “vendors” offering DDoS rental schemes – for as little as $200 a day, you can lease 10,000 bot-infected hosts and point them at any host you so choose and launch your denial of service attack. So, by way of example, any sufficiently disgruntled customer of a small online retailer could rent a service like this to effectively prevent that retailer for doing any further online business through their Web portal.

Of course, as you’d expect, renting more bespoke hacking services tends to be more expensive. Depending upon the skills, notoriety and geographical location of the hacking-as-a-service provider, teams of hackers can be rented for anywhere between $200 to $5,000 per day.  Most of the blackhat hacking boards will contain advertisements by the hacking teams, and reviews of individuals that have availed them of their services (a bit like Craigslist for hackers).

Without really knowing any details of the Brazilian application responsible for tracking the logging data, it’s pretty hard to guess how much such a hack would have cost – but I wouldn’t be surprised if the original hack wasn’t some fairly standard authentication bypass or SQL Injection and, if that’s the case, then the cost of the hack would have been relatively low.

That said, I wouldn’t be surprised if things were the other way around. Some hacker(s) could have broken in to the system, realized the value of what they now had control over, and (putting their enterprising business hats on) solicited the various logging companies with a new “deforestation quota reset” hacking service – which would appear to have been well received by those 107 companies.

I'll be interesting in learning more about the attack once the details become available.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.